From 3db3a9f375dd32efe8fa818c4d105ae4e5f75310 Mon Sep 17 00:00:00 2001 From: mkangia Date: Sat, 7 Sep 2024 22:10:33 +0530 Subject: [PATCH 01/11] save expires_in as set for token store the same expires_in in DB as it will returned to the client in response --- hq_superset/oauth2_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hq_superset/oauth2_server.py b/hq_superset/oauth2_server.py index 5843f67..f72285a 100644 --- a/hq_superset/oauth2_server.py +++ b/hq_superset/oauth2_server.py @@ -24,7 +24,7 @@ def save_token(token: dict, request: FlaskOAuth2Request) -> None: token_type=token['token_type'], access_token=token['access_token'], scope=client.domain, - expires_in=10, # 10 Seconds + expires_in=token['expires_in'] ) db.session.add(token) db.session.commit() From 199f8ef06bbcc036864c3b74ed87e3b3ad7c9b80 Mon Sep 17 00:00:00 2001 From: mkangia Date: Sat, 7 Sep 2024 22:10:55 +0530 Subject: [PATCH 02/11] add example to overrite expiry time --- superset_config.example.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/superset_config.example.py b/superset_config.example.py index 7dda59b..2e8e921 100644 --- a/superset_config.example.py +++ b/superset_config.example.py @@ -63,6 +63,12 @@ } ] +# override expiry time for a specific grant type by +# setting this config +OAUTH2_TOKEN_EXPIRES_IN = { + # 'client_credentials': 3600 # seconds +} + # Will allow user self registration, allowing to create Flask users from # Authorized User AUTH_USER_REGISTRATION = True From 28b5ed72244893fc6987359973389a009a1deea9 Mon Sep 17 00:00:00 2001 From: Manish Kangia Date: Tue, 10 Sep 2024 14:21:09 +0530 Subject: [PATCH 03/11] Bump version --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index a423823..51eadc4 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='hq_superset', - version='0.3.5', + version='0.3.6', description='CommCare HQ Superset Integration', license='Apache2', author='Dimagi Inc.', From 5622e1cf7783164e8ad8b8b4429aa4b049cbcff6 Mon Sep 17 00:00:00 2001 From: Ajeet Date: Tue, 8 Oct 2024 18:27:41 +0530 Subject: [PATCH 04/11] readme update related to pypi --- apache-superset.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/apache-superset.md b/apache-superset.md index 1b6cb44..4784eaa 100644 --- a/apache-superset.md +++ b/apache-superset.md @@ -17,7 +17,7 @@ very complicated or impossible to do inside HQ Superset. In this spirit, - if the change is specific to CommCare HQ, try to implement the - customization in [HQ Superset](https://github.com/dimagi/hq_superset). + customization in [Commcare Analytics](https://github.com/dimagi/hq_superset). - If the change is not specific to CommCare HQ and is useful to outside users, try to create a pull request against the upstream [Apache Superset](https://github.com/apache/superset) repo. @@ -289,6 +289,10 @@ the build instructions have remained the same before proceeding. cd superset-frontend/ npm ci && npm run build ``` + +> Note: If you see a warning/error for npm and node versions, you can use a tool like +[nvm](https://github.com/nvm-sh/nvm) to install and use the correct version. + - Build translations ``` cd ../ @@ -306,7 +310,13 @@ the build instructions have remained the same before proceeding. ``` twine upload dist/apache-superset-${latest-dimagi-version}.tar.gz ``` - You can refer to 1Password for the PyPI credentials. + You can refer to 1Password for the PyPI API token for dimagi-superset. You should now be able to use this package inside https://github.com/dimagi/hq_superset by referring to the release tag. + +> Note:
  • pypi package follows the versioning scheme as described [here](https://packaging.python.org/en/latest/discussions/versioning/). +We make any initial customizations on top of apache upstream version and +then make a release to pypi with the same version number. For e.g. customizations were made on the upstream version `3.1.0` and this was released to dimagi-superset pypi as `3.1.0`.
  • If any additional customizations are needed on top of initial versions, we are using the post release for numbering +i.e. `.post<>` as the suffix with N as an incrementing integer. +It is acknowledged that using the post release is not the best way, however it was chosen to keep the version in sync to the upstream apache-superset version.
\ No newline at end of file From 434579fe74d65450e99812865cb6db043a3c814e Mon Sep 17 00:00:00 2001 From: Ajeet Date: Tue, 8 Oct 2024 18:36:49 +0530 Subject: [PATCH 05/11] upgrade dimagi superset version --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 51eadc4..92d2395 100644 --- a/setup.py +++ b/setup.py @@ -11,7 +11,7 @@ packages=find_packages(exclude=['docs', 'tests']), include_package_data=True, install_requires=[ - 'dimagi-superset==3.1.0', + 'dimagi-superset==3.1.0.post1', # Dependencies based on Superset 3.1.0 where applicable 'Authlib==1.3.0', 'celery==5.2.7', From c600d5eae4d9dc3dd86fcafdce437c3ae8365359 Mon Sep 17 00:00:00 2001 From: Ajeet Date: Tue, 8 Oct 2024 22:50:50 +0530 Subject: [PATCH 06/11] nit: readibility on readme --- apache-superset.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/apache-superset.md b/apache-superset.md index 4784eaa..19ac056 100644 --- a/apache-superset.md +++ b/apache-superset.md @@ -315,8 +315,18 @@ the build instructions have remained the same before proceeding. You should now be able to use this package inside https://github.com/dimagi/hq_superset by referring to the release tag. -> Note:
  • pypi package follows the versioning scheme as described [here](https://packaging.python.org/en/latest/discussions/versioning/). -We make any initial customizations on top of apache upstream version and -then make a release to pypi with the same version number. For e.g. customizations were made on the upstream version `3.1.0` and this was released to dimagi-superset pypi as `3.1.0`.
  • If any additional customizations are needed on top of initial versions, we are using the post release for numbering -i.e. `.post<>` as the suffix with N as an incrementing integer. -It is acknowledged that using the post release is not the best way, however it was chosen to keep the version in sync to the upstream apache-superset version.
\ No newline at end of file +> Note: +> +> * PyPI package follows the versioning scheme as described +> [here](https://packaging.python.org/en/latest/discussions/versioning/). +> We make any initial customizations on top of Apache upstream version +> and then make a release to PyPI with the same version number. e.g. +> customizations were made on the upstream version `3.1.0` and this +> was released to dimagi-superset PyPI as `3.1.0`. +> +> * If any additional customizations are needed on top of initial +> versions, we are using the post release for numbering i.e. +> `.post<>` as the suffix with N as an incrementing integer. It is +> acknowledged that using the post release is not the best way, +> however it was chosen to keep the version in sync with the upstream +> apache-superset version. \ No newline at end of file From 3085e801c9631ad3410546850d1cc056206257a1 Mon Sep 17 00:00:00 2001 From: Ajeet Date: Wed, 9 Oct 2024 11:52:54 +0530 Subject: [PATCH 07/11] Bump version 0.3.7 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 92d2395..76b2b27 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='hq_superset', - version='0.3.6', + version='0.3.7', description='CommCare HQ Superset Integration', license='Apache2', author='Dimagi Inc.', From fd1f227cc436a3b7f347bab50d6e8429fc2b6a93 Mon Sep 17 00:00:00 2001 From: Manish Kangia Date: Mon, 14 Oct 2024 20:06:03 +0530 Subject: [PATCH 08/11] Correct link --- apache-superset.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apache-superset.md b/apache-superset.md index 19ac056..ae34f86 100644 --- a/apache-superset.md +++ b/apache-superset.md @@ -1,7 +1,7 @@ Dimagi Superset Fork -------------------- -[Dimagi Superset](https://github.com/dimagi/hq_superset) is a fork of +[Dimagi Superset](https://github.com/dimagi/superset) is a fork of [Apache Superset](https://github.com/apache/superset). Dimagi Superset is maintained to build a slightly customized version of the [Apache Superset PyPI package](https://pypi.org/project/apache-superset/). @@ -329,4 +329,4 @@ https://github.com/dimagi/hq_superset by referring to the release tag. > `.post<>` as the suffix with N as an incrementing integer. It is > acknowledged that using the post release is not the best way, > however it was chosen to keep the version in sync with the upstream -> apache-superset version. \ No newline at end of file +> apache-superset version. From d0a232f7deb3f3fdc90e9812852a7ecab2482900 Mon Sep 17 00:00:00 2001 From: mkangia Date: Tue, 15 Oct 2024 16:12:44 +0530 Subject: [PATCH 09/11] add talisman to example file --- superset_config.example.py | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/superset_config.example.py b/superset_config.example.py index 2e8e921..7a46a3f 100644 --- a/superset_config.example.py +++ b/superset_config.example.py @@ -152,3 +152,36 @@ class CeleryConfig: # CommCare Analytics extensions FLASK_APP_MUTATOR = flask_app_mutator CUSTOM_SECURITY_MANAGER = oauth.CommCareSecurityManager + +TALISMAN_CONFIG = { + "content_security_policy": { + "base-uri": ["'self'"], + "default-src": ["'self'"], + "img-src": [ + "'self'", + "blob:", + "data:", + "https://apachesuperset.gateway.scarf.sh", + "https://static.scarf.sh/", + "*", + ], + "worker-src": ["'self'", "blob:"], + "connect-src": [ + "'self'", + "https://api.mapbox.com", + "https://events.mapbox.com", + ], + "object-src": "'none'", + "style-src": [ + "'self'", + "'unsafe-inline'", + "https://fonts.googleapis.com", + ], + "font-src": ["'self'", "https://fonts.gstatic.com"], + "script-src": ["'self'", "'unsafe-eval'"], + }, + "content_security_policy_nonce_in": ["script-src"], + "force_https": False, + "session_cookie_secure": False, +} + From e069cb88e88f988846ecb82513ba0e65cbcc5e7d Mon Sep 17 00:00:00 2001 From: Charl Smit Date: Tue, 22 Oct 2024 11:06:54 +0200 Subject: [PATCH 10/11] Attempt at rebuilding staging branches --- scripts/rebuildstaging | 8 ++++++++ scripts/staging.yml | 10 ++++++++++ setup.py | 5 +++++ 3 files changed, 23 insertions(+) create mode 100755 scripts/rebuildstaging create mode 100644 scripts/staging.yml diff --git a/scripts/rebuildstaging b/scripts/rebuildstaging new file mode 100755 index 0000000..1f2e07c --- /dev/null +++ b/scripts/rebuildstaging @@ -0,0 +1,8 @@ +#!/bin/bash + +function rebuildstaging() { + echo "Rebuilding staging branch..." + git-build-branch scripts/staging.yml +} + +rebuildstaging diff --git a/scripts/staging.yml b/scripts/staging.yml new file mode 100644 index 0000000..3c63ee8 --- /dev/null +++ b/scripts/staging.yml @@ -0,0 +1,10 @@ +# This file is used to keep track of which feature branches +# should be in the `staging` branch. +# How it works: +# 1. Add your feature branch to the end of the list +# 2. Run ./scripts/rebuildstaging to rebuild the `staging` branch +# 3. Push the `staging` branch and deploy the code (this is a manual process at the moment) +trunk: master +name: staging +branches: + - cs/SC-3473-user-roles-from-hq \ No newline at end of file diff --git a/setup.py b/setup.py index 76b2b27..501af20 100644 --- a/setup.py +++ b/setup.py @@ -23,6 +23,11 @@ 'Werkzeug==2.3.3', 'WTForms==2.3.3', ], + extras_require={ + 'dev': [ + 'git-build-branch', + ], + }, classifiers=[ 'Programming Language :: Python', 'Programming Language :: Python :: 3.9' From c53fba4e1c3e10a897f87d48803d571e0252766c Mon Sep 17 00:00:00 2001 From: Charl Smit Date: Tue, 22 Oct 2024 11:50:06 +0200 Subject: [PATCH 11/11] Add section to readme --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index d487101..a4ec355 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,15 @@ The test runner can only run tests that do not import from Superset. The code you want to test will need to be in a module whose dependencies don't include Superset. +### Testing on staging +In order to test your feature branch on staging you need to +1. Check out to `master` branch (make sure it's up to date) +2. Add your feature branch to the `branches` section in `scripts/staging.yml` file +3. Push the file back to remote `master` +4. Run `scripts/rebuildstaging` (this will rebuild the staging branch on your machine) +5. Push the new `staging` branch to remote +6. Deploy `staging` as usual + ### Creating a migration